Ansilbe 提供了一个 user 模块,用于创建和管理用户;
但如何在创建用户的同时加秘设置用户密码呢?
![Ansible如何创建用户? 图片[1]-Ansible如何创建用户?-不念博客](https://www.bunian.cn/wp-content/uploads/2022/11/image-413-1024x514.png)
Ansible用户创建
- 创建一个有登录shell 的用户,用户名是 bunian1:
- name 指定创建的用户名
- shell 指定用户登录时获得的shell
- home 为用户创建 HOME 目录
- state 指定是创建还是删除用户,当 state=absent 时,为删除用户
[root@localhost ansible]# ansible redis -m user -a 'name=bunian1 shell=/bin/bash home=/home/bunian1/ state=present'docker125 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"comment": "","create_home": true,"group": 1000,"home": "/home/bunian1/","name": "bunian1","shell": "/bin/bash","state": "present","stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n","stderr_lines": ["useradd: warning: the home directory already exists.","Not copying any file from skel directory into it."],"system": false,"uid": 1000}docker123 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"comment": "","create_home": true,"group": 1000,"home": "/home/bunian1/","name": "bunian1","shell": "/bin/bash","state": "present","stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n","stderr_lines": ["useradd: warning: the home directory already exists.","Not copying any file from skel directory into it."],"system": false,"uid": 1000}docker124 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"comment": "","create_home": true,"group": 1000,"home": "/home/bunian1/","name": "bunian1","shell": "/bin/bash","state": "present","stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n","stderr_lines": ["useradd: warning: the home directory already exists.","Not copying any file from skel directory into it."],"system": false,"uid": 1000}[root@localhost ansible]# ansible redis -m user -a 'name=bunian1 shell=/bin/bash home=/home/bunian1/ state=present' docker125 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/bunian1/", "name": "bunian1", "shell": "/bin/bash", "state": "present", "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n", "stderr_lines": [ "useradd: warning: the home directory already exists.", "Not copying any file from skel directory into it." ], "system": false, "uid": 1000 } docker123 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/bunian1/", "name": "bunian1", "shell": "/bin/bash", "state": "present", "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n", "stderr_lines": [ "useradd: warning: the home directory already exists.", "Not copying any file from skel directory into it." ], "system": false, "uid": 1000 } docker124 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/bunian1/", "name": "bunian1", "shell": "/bin/bash", "state": "present", "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n", "stderr_lines": [ "useradd: warning: the home directory already exists.", "Not copying any file from skel directory into it." ], "system": false, "uid": 1000 }[root@localhost ansible]# ansible redis -m user -a 'name=bunian1 shell=/bin/bash home=/home/bunian1/ state=present' docker125 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/bunian1/", "name": "bunian1", "shell": "/bin/bash", "state": "present", "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n", "stderr_lines": [ "useradd: warning: the home directory already exists.", "Not copying any file from skel directory into it." ], "system": false, "uid": 1000 } docker123 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/bunian1/", "name": "bunian1", "shell": "/bin/bash", "state": "present", "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n", "stderr_lines": [ "useradd: warning: the home directory already exists.", "Not copying any file from skel directory into it." ], "system": false, "uid": 1000 } docker124 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/bunian1/", "name": "bunian1", "shell": "/bin/bash", "state": "present", "stderr": "useradd: warning: the home directory already exists.\nNot copying any file from skel directory into it.\n", "stderr_lines": [ "useradd: warning: the home directory already exists.", "Not copying any file from skel directory into it." ], "system": false, "uid": 1000 }
如何设置用户密码
用 ansible 设置用户的密码时,由于需要对传输的密码进行加密,所以要在主机安装python 的passlib 库。
- 利用 pip 安装 passlib:
pip install passlib
- 生成的经过加密的密码(sha512 加密算法)
说明:在 Password 后输入我们的密码”xxxxx”,然后再按enter键
python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))'python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))'python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))'
PS F:\各组件相关说明\ansible相关> pip install passlibCollecting passlibDownloading https://pypi.tuna.tsinghua.edu.cn/packages/3b/a4/ab6b7589382ca3df236e03faa71deac88cae040af60c071a78d254a62172/passlib-1.7.4-py2.py3-none-any.whl (525 kB)|████████████████████████████████| 525 kB 1.3 MB/sInstalling collected packages: passlibSuccessfully installed passlib-1.7.4WARNING: You are using pip version 20.2.4; however, version 20.3.3 is available.You should consider upgrading via the 'c:\users\administrator\appdata\local\programs\python\python37\python.exe -m pip install --upgrade pip' command.PS F:\各组件相关说明\ansible相关> python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))'Password:-c:1: DeprecationWarning: the method passlib.handlers.sha2_crypt.sha512_crypt.encrypt() is deprecated as of Passlib 1.7, and will be removed in Passlib 2.0, use .hash() instead.$6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/PS F:\各组件相关说明\ansible相关> pip install passlib Collecting passlib Downloading https://pypi.tuna.tsinghua.edu.cn/packages/3b/a4/ab6b7589382ca3df236e03faa71deac88cae040af60c071a78d254a62172/passlib-1.7.4-py2.py3-none-any.whl (525 kB) |████████████████████████████████| 525 kB 1.3 MB/s Installing collected packages: passlib Successfully installed passlib-1.7.4 WARNING: You are using pip version 20.2.4; however, version 20.3.3 is available. You should consider upgrading via the 'c:\users\administrator\appdata\local\programs\python\python37\python.exe -m pip install --upgrade pip' command. PS F:\各组件相关说明\ansible相关> python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))' Password: -c:1: DeprecationWarning: the method passlib.handlers.sha2_crypt.sha512_crypt.encrypt() is deprecated as of Passlib 1.7, and will be removed in Passlib 2.0, use .hash() instead. $6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/PS F:\各组件相关说明\ansible相关> pip install passlib Collecting passlib Downloading https://pypi.tuna.tsinghua.edu.cn/packages/3b/a4/ab6b7589382ca3df236e03faa71deac88cae040af60c071a78d254a62172/passlib-1.7.4-py2.py3-none-any.whl (525 kB) |████████████████████████████████| 525 kB 1.3 MB/s Installing collected packages: passlib Successfully installed passlib-1.7.4 WARNING: You are using pip version 20.2.4; however, version 20.3.3 is available. You should consider upgrading via the 'c:\users\administrator\appdata\local\programs\python\python37\python.exe -m pip install --upgrade pip' command. PS F:\各组件相关说明\ansible相关> python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))' Password: -c:1: DeprecationWarning: the method passlib.handlers.sha2_crypt.sha512_crypt.encrypt() is deprecated as of Passlib 1.7, and will be removed in Passlib 2.0, use .hash() instead. $6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/
- 创建带加密码bunian用户
[root@localhost ansible]# ansible redis -m user -a 'name=bunian shell=/bin/bash password=$6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/ update_password=always'docker125 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"comment": "","create_home": true,"group": 1001,"home": "/home/bunian","name": "bunian","password": "NOT_LOGGING_PASSWORD","shell": "/bin/bash","state": "present","system": false,"uid": 1001}docker124 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"comment": "","create_home": true,"group": 1001,"home": "/home/bunian","name": "bunian","password": "NOT_LOGGING_PASSWORD","shell": "/bin/bash","state": "present","system": false,"uid": 1001}docker123 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": true,"comment": "","create_home": true,"group": 1001,"home": "/home/bunian","name": "bunian","password": "NOT_LOGGING_PASSWORD","shell": "/bin/bash","state": "present","system": false,"uid": 1001}[root@localhost ansible]# ansible redis -m user -a 'name=bunian shell=/bin/bash password=$6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/ update_password=always' docker125 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/bunian", "name": "bunian", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 } docker124 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/bunian", "name": "bunian", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 } docker123 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/bunian", "name": "bunian", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 }[root@localhost ansible]# ansible redis -m user -a 'name=bunian shell=/bin/bash password=$6$rounds=656000$fkskseDMlRAr7..8$./zCF2UbGiO7RrtyILeIckqK1ZU78wVwhWFeSrh2Qki604dG3apeF7BCwynu1HcnBp1g.LaFmZsjRCzJYjvzp/ update_password=always' docker125 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/bunian", "name": "bunian", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 } docker124 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/bunian", "name": "bunian", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 } docker123 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/bunian", "name": "bunian", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 }
验证
[root@33a870725069 home]# lltotal 0drwx------ 2 bunian1 bunian1 62 Apr 11 2018 bunian1drwx------ 2 bunian bunian 62 Dec 23 07:29 bunian[root@33a870725069 home]# su bunian1[bunian1@33a870725069 home]$ su bunianPassword:[bunian@33a870725069 home]$[root@33a870725069 home]# ll total 0 drwx------ 2 bunian1 bunian1 62 Apr 11 2018 bunian1 drwx------ 2 bunian bunian 62 Dec 23 07:29 bunian [root@33a870725069 home]# su bunian1 [bunian1@33a870725069 home]$ su bunian Password: [bunian@33a870725069 home]$[root@33a870725069 home]# ll total 0 drwx------ 2 bunian1 bunian1 62 Apr 11 2018 bunian1 drwx------ 2 bunian bunian 62 Dec 23 07:29 bunian [root@33a870725069 home]# su bunian1 [bunian1@33a870725069 home]$ su bunian Password: [bunian@33a870725069 home]$
© 版权声明
本站文章由不念博客原创,未经允许严禁转载!
THE END